1. Protect Against Sim Swap
Here’s how a sim swap scam typically happens.
When you sign up with an exchange, you set a username and password and can add two-factor authentication, or two FA, to protect your account. If a hacker is able to get your login information, they’d also need to pass the two FA to gain access to your account. To do this, they’ll call your phone company and convince them to transfer your phone number to theirs.
“It’s pretty unfortunate, but it’s not very difficult for them to convince your telecom company to transfer your number, which is why we flat-out say never use SMS text message for two FA if you can avoid it,” Neuman says.
However, for some exchanges, the SMS two FA is the only option. If you can’t avoid it, call your carrier and ask to add a password or other barrier to your account, Martin says.
If the exchange offers it, Martin also recommends using a YubiKey, which he calls “the gold standard for two-factor authentication.” The YubiKey, created by security company Yubico, is a USB hardware authentication key that can be plugged into a device.
Martin also recommends using password managers and warns to not use the same password across your accounts.
Once you pick a wallet service, its software will also often generate a unique seed phrase, or a collection of 12 to 24 random words, which could be used to recover your crypto wallet. Your seed phrase should also be kept completely private and in a secure location offline.